CVE-2025-21957

Summary

In the Linux kernel, the following vulnerability has been resolved:

scsi: qla1280: Fix kernel oops when debug level > 2

A null dereference or oops exception will eventually occur when qla1280.c driver is compiled with DEBUG_QLA1280 enabled and ql_debug_level > 2. I think its clear from the code that the intention here is sg_dma_len(s) not length of sg_next(s) when printing the debug info.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa0441891373fe2db582075a4639fdfcccea470c1 < afa27b7c17a48e01546ccaad0ab017ad0496a522affected
LinuxLinuxa0441891373fe2db582075a4639fdfcccea470c1 < 11a8dac1177a596648a020a7f3708257a2f95feeaffected
LinuxLinuxa0441891373fe2db582075a4639fdfcccea470c1 < c737e2a5fb7f90b96a96121da1b50a9c74ae9b8caffected
LinuxLinuxa0441891373fe2db582075a4639fdfcccea470c1 < 24602e2664c515a4f2950d7b52c3d5997463418caffected
LinuxLinuxa0441891373fe2db582075a4639fdfcccea470c1 < ea371d1cdefb0951c7127a33bcd7eb931cf44571affected
LinuxLinuxa0441891373fe2db582075a4639fdfcccea470c1 < af71ba921d08c241a817010f96458dc5e5e26762affected
LinuxLinuxa0441891373fe2db582075a4639fdfcccea470c1 < 7ac2473e727d67a38266b2b7e55c752402ab588caffected
LinuxLinuxa0441891373fe2db582075a4639fdfcccea470c1 < 5233e3235dec3065ccc632729675575dbe3c6b8aaffected
LinuxLinux2.6.24affected
LinuxLinux0 < 2.6.24unaffected
LinuxLinux5.4.292 <= 5.4.*unaffected
LinuxLinux5.10.236 <= 5.10.*unaffected
LinuxLinux5.15.180 <= 5.15.*unaffected
LinuxLinux6.1.132 <= 6.1.*unaffected
LinuxLinux6.6.84 <= 6.6.*unaffected
LinuxLinux6.12.20 <= 6.12.*unaffected
LinuxLinux6.13.8 <= 6.13.*unaffected
LinuxLinux6.14 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References